Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-36356

    KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this is... Read more

    Affected Products : viaware
    • EPSS Score: %90.24
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1919

    Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, S... Read more

    • EPSS Score: %0.24
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-36722

    Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Senset... Read more

    Affected Products : emuse_-_eservices_\/_envoice
    • EPSS Score: %0.19
    • Published: Dec. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29323

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %1.87
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29644

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.... Read more

    Affected Products : a3100r_firmware a3100r
    • EPSS Score: %0.37
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-11844

    Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub... Read more

    • EPSS Score: %1.03
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-4509

    Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags.... Read more

    Affected Products : movable_type movabletype
    • EPSS Score: %0.46
    • Published: Dec. 09, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-4704

    PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.... Read more

    Affected Products : sezhoo
    • EPSS Score: %1.20
    • Published: Oct. 23, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2021-44631

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.90
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-12016

    Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have ... Read more

    • EPSS Score: %0.21
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45616

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 befor... Read more

    • EPSS Score: %1.53
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45621

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 befo... Read more

    • EPSS Score: %1.53
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-31446

    Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %48.65
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-3167

    Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.... Read more

    Affected Products : rdiffweb
    • EPSS Score: %0.19
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-40146

    A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN,... Read more

    Affected Products : any23
    • EPSS Score: %3.21
    • Published: Sep. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4037

    Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.... Read more

    Affected Products : faxination_server
    • EPSS Score: %3.67
    • Published: Aug. 09, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-4098

    Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.... Read more

    Affected Products : secure_access_control_server
    • EPSS Score: %13.86
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-19036

    An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.... Read more

    • EPSS Score: %0.90
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2609

    The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.... Read more

    Affected Products : executive_scorecard
    • EPSS Score: %26.17
    • Published: Jun. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2023-26477

    XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination ... Read more

    Affected Products : xwiki
    • EPSS Score: %49.26
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290974 Results